Uploaded image for project: 'Node.js Driver'
  1. Node.js Driver
  2. NODE-4537 Support the Azure VM-assigned Managed Identity for Automatic KMS Credentials
  3. NODE-5076

Add support for Azure KMS automatic credential refresh

XMLWordPrintableJSON

    • 0
    • Not Needed
    • Not Needed
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?

      Acceptance Criteria

      • add azure/identity as an optional peer dependency to mongodb-client-encryption
      • refactor the existing credential providers into separate modules, with a single index.js exporting them together
      • create a new provider for azure
        • add a kms refresh function that lazily imports the azure module and fetches the credentials
        • add support for caching of the azure kms token
      • add Typescript support in libmongocrypt

      Testing

      • lazily importing of kms providers
        • we don't import the azure module unless requested
      • caching of credentials
        • we refresh the token when the token expires < 60s from the current time
        • we do not refresh the token when the token expires > 60s from the current time and return the cached token
        • if there is no cached token, we refresh the token

            Assignee:
            bailey.pearson@mongodb.com Bailey Pearson
            Reporter:
            bailey.pearson@mongodb.com Bailey Pearson
            Neal Beeken
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: